WGU - Software Defined Networking - D415 Questions With Correct Solutions, Already Passed!, Exams of Advanced Education


Typology: Exams

2025/2026

Available from 06/30/2026

Academicmaterials
Network Functions Virtualization Infrastructure (NFVI)
Is the entirety of the hardware and software components that build the environment where VNFs are deployed.

Virtual Network Functions (VNFs)
Are the software implementations of network functions.

Open Platform for NFV (OPNFV)
Created by the Linux Foundation in 2014 and is a collaborative open-source platform that seeks to develop NFV and shape its evolution.

OpenStack
An open-source cloud computing platform with high market penetration that includes a collection of interoperable modules used to orchestrate large pools of compute, storage, and networking resources.

Nova
OpenStack compute module; it is used to create and delete compute instances as required.

Glance
OpenStack module that synchronizes and maintains VM images across the compute cluster.

Keystone
Module that provides authentication for accessing all OpenStack services.

Cinder
OpenStack module that provides block storage used as storage volumes for VMs.


Swift
OpenStack module that provides object storage, used to store large amounts of static data in a cluster.

Neutron
Or networking; OpenStack module that allows the different compute instances and storage nodes to communicate with each other.

Horizon
OpenStack module that provides a GUI dashboard, and is by far the most widely deployed management module.

Heat
OpenStack module that helps expedite orchestration of applications across multiple compute instances by using templates.

Ceilometer
OpenStack module that monitors the NFVI and helps identify bottlenecks and resource optimization opportunities.

Ironic
OpenStack module that is a provisioning tool for bare-metal installation of compute capabilities instead of VMs in OpenStack.

Congress
OpenStack module that is a policy management framework for the OpenStack environment.

Designate
OpenStack module that is used to point applications in the OpenStack environment to a trusted DNS source.

Barbican
OpenStack module that works with Keystone authentication to manage internal application security by behaving as a key manager.

NFV Management and Orchestration (NFV-MANO)
Consists of all functional blocks, data repositories, reference points, and interfaces that are used for managing and orchestrating VNFs and the NFVI.

Dynamic Host Configuration Protocol (DHCP)
A network management protocol used to dynamically assign an Internet Protocol (IP) address to any device, or node, on a network so they can communicate using IP.

UDP port number 67
Destination port of a DHCP server.

UDP port number 68
Destination port of a DHCP client.

ioctl interface
Linux bridge configuration interface that can be used to create and destroy bridges in the operating system; it can also add network interfaces to, and remove existing network interfaces from, the bridge.

sysfs-based interface
Linux bridge configuration interface that allows the management of bridge-specific and bridge-port-specific parameters.

Virtual Network
A mapping of the entire set, or a subset, of networking resources to a specific protocol layer.

Network Virtualization (NV)
Defined by the ability to create logical, virtual networks that are decoupled from the underlying network hardware, to ensure the network can better integrate with and support increasingly virtual environments.

Two most common forms of NV
  1. Protocol-based virtual networks
  2. Virtual networks that are based on virtual devices

Virtual Private Networks (VPNs)
Protocol-based virtual networks usually built on tunneling protocols, consisting of multiple remote end-points (typically routers, VPN gateways or software clients) joined by some sort of tunnel over another network, usually a third-party network.

Virtual LANs (VLANs)
Protocol-based virtual networks that are logical local area networks (LANs) based on physical LANs.

Virtual Private LAN Services (VPLS)
A specific type of multipoint VPN that is divided into Transparent LAN Services (TLS) and Ethernet Virtual Connection Services.

Virtualization
Refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, storage devices, and computer network resources.

Replication
To create multiple instances of the resource.

Isolation
To separate the uses which clients make of the underlying resources.

Overlay network
Describes a computer network that is built on top of another network.

Virtual Network Embedding (VNE) problem
How to optimally allocate virtual networks and their associated networking resources.

Hub
A physical-layer device where a frame is passed along, or broadcast, to every one of its ports, even though the frame is only destined for one port.

VXLAN (Virtual Extensible LAN)
Network virtualization technology that attempts to improve the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate layer 2 Ethernet frames within layer 4 UDP packets.

Generic Routing Encapsulation (GRE)
A communication protocol used to establish a direct, point-to-point connection between network nodes. Being a simple and effective method of transporting data over a public network, such as the Internet, it lets two peers share data they would not be able to share over the public network itself.

SSL (Secure Sockets Layer)
A standard security technology for establishing an encrypted link between a server and a client (typically a web server (website) and a browser, or a mail server and a mail client such as Outlook) by encrypting data above the transport layer.

IPsec
A network protocol suite that authenticates and encrypts the packets of data sent over a network at the IP layer. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and for negotiating cryptographic keys for use during the session.

IEEE 802.1Q
A protocol for carrying VLAN traffic on Ethernet.

Maximum Transmission Unit (MTU)
The size of the largest block of data that can be sent as a single unit.

Southbound Interface (SBI)
Allows the controller to communicate with, interact with and manage the forwarding elements.

East / Westbound interfaces
Are meant for communication between groups or federations of controllers.

Northbound Interface (NBI)
Enables applications in the application layer to program the controllers by making abstract data models and other functionalities available to them.

Unified control plane of an SDN
Consists of one or more SDN controllers that use open APIs to exert control over the underlying vSwitches or forwarding devices.

Data plane in SDN
Tasked with enabling the transfer of data from the sender to the receiver(s).

OpenFlow
Defined by the ONF, it is a protocol between the control and forwarding layers of an SDN architecture, and is by far the most widespread implementation of SDN.

SDN Controllers
The brains of the SDN operation, lying between the data plane devices on one end and high-level applications on the other. They take responsibility for establishing every flow in the network by installing flow entries on switch devices.

NOX
Was among the first publicly available OpenFlow controllers.

OpenDaylight (ODL)
An open-source SDN controller that has been available since 2014. It is a modular, multi-protocol SDN controller that is widely deployed in the industry.

Open Virtual Switch (OVS)
Open-source implementation of a distributed programmable virtual multi-layer switch. Generally consists of flow tables, with each flow entry having match conditions and associated actions. Communicates with the controller using a secure channel, and generally uses the OpenFlow protocol.

Routing Control Platform (RCP)
Proposed in for the provisioning of inter-domain routing over a BGP network. Routing is

The source of attacks
Two types of attackers based on their origins, called inside attacker (or insider) and outside attacker (or outsider).

The method of attacks
There are two types of attack methods based on the intention of the attacker, called passive attacks and active attacks.

The target of attacks
The objective that attackers try to compromise.

The consequence of attacks
Describes the outcomes of successfully deploying an attack. It is a multi-faceted consequence.

Defense in depth
Also known as the Castle Approach; the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart an attack.

Defense in depth framework
  1. The first layer is a prevention mechanism that stops attacks from getting into the networking system.
  2. The second layer is detection and response mechanisms that watch activities on systems and networks to detect attacks and repair the damage.
  3. The third layer is attack-resilient technologies that enable the core elements, or the most valuable systems, on the network to survive attacks and continue to function.

Cyber Kill Chain
Adopts the concept of a procedural step-by-step attacking method consisting of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target.

Reconnaissance
The attacker gathers information on the target before the actual attack starts.

Weaponization
Cyber attackers do not interact with the intended victim; instead they create their attack.

Delivery
Transmission of the attack to the intended victim(s).

Exploitation
This implies actual detonation of the attack, such as the exploit running on the system.

Installation
The attacker may install malware on the victim.

Command & Control (C&C)
This implies that once a system is compromised and / or infected, the system has to call home.

Actions on Objectives
Once the cyber attackers establish access to the organization, they then execute actions to achieve their objectives / goal.

Network mapping
The study of the connectivity of networks at layer 3 on a TCP / IP network.

Vulnerability scanning
An inspection of the potential points of exploit on a computer or network to identify security holes.

Penetration testing
Attempts to identify insecure business processes, insecure system settings, or other weaknesses.

Decentralized logging
Usually built on centralized logging solutions, in which multiple centralized-logging systems can be established to handle specific applications, to address the scalability issues.

Centralized logging interdependent services
  1. Collect logs
  2. Transport
  3. Store
  4. Analyze
  5. Alerting

Log Collection
Centralized logging interdependent service that uses one of two basic approaches:
  1. The replication approach, where files are replicated to a central server on a fixed schedule.
  2. A direct remote logging protocol, such as syslog, that sends log data as it is generated on the system, without a delay.

Log Transport frameworks
One way is to directly plug in input sources so that the framework can start collecting logs; another way is to send log data via an API.

Log storage factors
  1. Time - for how long should logged data be stored?
  2. Volume - how large would the logged data be?
  3. Access - how will you access the logs?

IEEE 1588
Standard for a Precision Time Protocol (PTP) that enables precise synchronization of clocks in measurement and control systems implemented with technologies such as network communication, local computing, and distributed objects.

SDLC 5 phases
  1. Initiation
  2. Acquisition and development
  3. Implementation
  4. Operations and maintenance
  5. Disposition

SDLC Initiation Phase
  1. Security categorization
  2. Preliminary risk assessment

SDLC Acquisition and Development Phase
  1. Risk assessment
  2. Security functional requirements analysis
  3. Security assurance requirements analysis
  4. Cost considerations and reporting
  5. Security planning
  6. Security control development
  7. Developmental security test and evaluation
  8. Other planning components

SDLC Implementation Phase
  1. Inspection and acceptance
  2. System integration
  3. Security certification
  4. Security accreditation

SDLC Operations and Maintenance Phase
  1. Configuration management and control
  2. Continuous monitoring

SDLC Disposition Phase
  1. Information preservation

VM-FW-R
NIST 800-125B recommendation that states that in virtualized environments with VMs running delay-sensitive applications, virtual firewalls should be deployed for traffic flow control instead of physical firewalls.

VM-FW-R
NIST 800-125B recommendation that states that in virtualized environments with VMs running I / O intensive applications, kernel-based virtual firewalls should be deployed instead of subnet-level virtual firewalls.

VM-FW-R
NIST 800-125B recommendation that states that for both subnet-level and kernel-based virtual firewalls, it is preferable if the firewall is integrated with a virtualization management platform rather than being accessible only through a standalone console.

VM-FW-R
NIST 800-125B recommendation that states that for both subnet-level and kernel-based virtual firewalls, it is preferable that the firewall supports rules using higher-level components or abstractions (e.g., security group) in addition to the basic 5-tuple (source / destination IP address, source / destination ports, protocol).

Chef
A configuration management tool written in Ruby that uses a pure-Ruby domain-specific language (DSL) for writing system configuration "recipes". These recipes, which are grouped together into a cookbook for easier management, describe a series of resources in an optimal state.

Ansible
An open-source suite of tools for software provisioning, configuration management, and application deployment. It is agentless and relies on temporary remote connections (over standard SSH by default) without installing agents on the controlled node. Works with "playbooks", which are configuration files written in YAML and are used to store automation instructions.

Puppet
The most well-known and mature configuration management tool. Uses specific modules, written either in its own declarative language or in a Ruby DSL (domain-specific language), for configuration management.

Apstra
Juniper software that automates and validates your data center network design, deployment, and operations across a wide range of vendors.

Benefits of NFV
  1. Automating the orchestration and management lets an NFVI be more scalable and achieve better resource utilization.
  2. Using generic server hardware that can act as any number of network devices, instead of specialized hardware that performs singular functions, helps reduce both operational and capital expenditures.
  3. Virtualization offers carriers the ability to offer pay-as-you-go services without huge up-front investment.
  4. Avoiding proprietary hardware empowers administrators with a streamlined provisioning process.

Domain Name System (DNS)
A hierarchical, decentralized naming system for computers, services, or other resources connected to the Internet or a private network.

PREROUTING
NAT table chain that is processed first, when a packet is received, so that the packet is then routed based on where it is going (destination).

with the purpose of implementing a network service that is not available in the existing network.

Address Resolution Protocol (ARP)
A communication protocol used for discovering the link layer address, such as a MAC address, associated with a given network layer address, typically an IPv4 address.

Role-based access control (RBAC)
Concept that is used to create differentiated access, based on entitlement, to administer a network device or controller.

VNFM (VNF Manager)
Responsible for basic lifecycle management operations such as create / update / delete, platform-aware NFV load optimization, health monitoring, auto-scaling and VNF configuration management operations.

NFV Catalog
Consists of VNF Descriptors, Network Service Descriptors and VNF Forwarding Graph Descriptors.

NFVO (NFV Orchestrator)
Responsible for VIM resource check and allocation, SFC management using the VNF Forwarding Graph descriptor, VNF placement policy, and network service deployment using decomposed VNFs.

Security mechanism - Replication
Can help in dealing with cases of controller or application failures due to a high volume of traffic or software vulnerabilities.

Security mechanism - Diversity
Improves the robustness and intrusion tolerance. The use of diverse controllers can help reduce lateral movement of an attacker and cascading system failures caused by common vulnerabilities.

Security mechanism - Automated Recovery
In the case of security attacks leading to service disruption, the proactive and reactive security recovery mechanisms can help in maintaining optimal service availability.

Security mechanism - Dynamic Device Association
Helps in dealing with faults (crash or Byzantine). Other advantages include the load balancing feature provided by diverse controllers (reduced service latency).

Security mechanism - Controller-Switch Trust
A trust establishment mechanism between the controller and switch is important to deal with cases of fake flows being inserted by malicious switches.

Security mechanism - Controller-App Plane Trust
Controller and application plane components should use autonomic trust management mechanisms based on mutual trust and delegated trust (a 3rd party such as a Certificate Authority used to establish trust).

Security mechanism - Security Domains
Help in segmenting the network into different levels of trust, and in containing threats to only the affected section of the SDN framework.

Clustering
Adds a layer of defense against the controller being a single point of failure by having one or more controllers in an active / standby scenario.

MTD - Shuffling
Involves rearrangement of resources at various layers. Some examples include migration of a VM from one physical server to another, application migration, instruction set randomization (ISR), etc.

MTD - Diversification
Modify the network function or software responsible for the functioning of an application, or the underlying compiler, to diversify the attack surface.

MTD - Redundancy
Creates multiple replicas of a network component in order to maintain an optimal level